Careful. If you have already committed it, and you ever push the repo to a public GH repo, your key is compromised. Just because some benevolent slacker-attackers on HN aren't sniffing the PSHB event queue, doesn't mean no one is. If you ever send the secret to Github, criminals have it. If you ever committed it, and then you ever push, then you've sent it to GitHub.
So yes, add the file to gitignore and git rm it, but also invalidate your keys and get new ones.
http://stackoverflow.com/questions/1139762/ignore-files-that...
The other alternative I can think of is to hide sensitive values in environment variables